ClamAV can use databases/signature from other repositories or security vendors.

ClamAV can use databases/signature from other repositories or security vendors.

−

To add the most important ones in a single step, install {{AUR|clamav-unofficial-sigs}} and configure it in {{ic|/etc/clamav-unofficial-sigs/user.conf}}.

+

To add the most important ones in a single step, install {{AUR|clamav-unofficial-sigs}}.

This will add signatures/databases from e.g. MalwarePatrol, SecuriteInfo, Yara, Linux Malware Detect, etc. For the full list of databases, [https://github.com/extremeshok/clamav-unofficial-sigs#description see the description of the GitHub repository].

This will add signatures/databases from e.g. MalwarePatrol, SecuriteInfo, Yara, Linux Malware Detect, etc. For the full list of databases, [https://github.com/extremeshok/clamav-unofficial-sigs#description see the description of the GitHub repository].

=== Set up clamav-unofficial-sigs ===

=== Set up clamav-unofficial-sigs ===

−

−

First, edit the configuration in {{ic|/etc/clamav-unofficial-sigs/user.conf}}, and change the following line:

−

−

# Uncomment the following line to enable the script

−

user_configuration_complete="yes"

[[Enable]] the {{ic|clamav-unofficial-sigs.timer}}.

[[Enable]] the {{ic|clamav-unofficial-sigs.timer}}.

−

If you prefer a cron job instead of timer then run this instead:

+

This will regularly update the unofficial signatures based on the configuration files in the directory {{ic|/etc/clamav-unofficial-sigs}}.

−

−

# clamav-unofficial-sigs.sh --install-cron

−

−

This will regularly refresh the signatures from the databases used in the clamav-unofficial-sigs script and extra ones as configured in each configuration file in the {{ic|/etc/clamav-unofficial-sigs}} folder.

−

To refresh signatures from these databases manually, run the following:

+

To update signatures manually, run the following:

# clamav-unofficial-sigs.sh

# clamav-unofficial-sigs.sh

−

To stop the cron job from running, delete this file: {{ic|/etc/cron.d/clamav-unofficial-sigs}}.

+

To change any default settings, refer and modify {{ic|/etc/clamav-unofficial-sigs/user.conf}}.

−

Note that you still must have the {{ic|clamav-freshclam.service}} [[started]] in order to have signature updates from ClamAV mirrors.

+

{{Note|You still must have the {{ic|clamav-freshclam.service}} [[started]] in order to have official signature updates from ClamAV mirrors.}}

==== MalwarePatrol database ====

==== MalwarePatrol database ====
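Review bot: the new text no longer tells the reader to set user_configuration_complete="yes" in /etc/clamav-unofficial-sigs/user.conf, which the removed lines describe as the line to uncomment "to enable the script". If the packaged script still checks that setting, enabling clamav-unofficial-sigs.timer alone will not update anything, so either keep that step or state explicitly that it is no longer required. The cron alternative (--install-cron and the hint about deleting /etc/cron.d/clamav-unofficial-sigs) is also dropped without a replacement or a reason. In the added sentence, "refer and modify {{ic|/etc/clamav-unofficial-sigs/user.conf}}" should read "refer to and modify".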

Revision as of 16:00, 18 May 2018

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates. Because ClamAV's main use is on file/mail servers for Windows desktops, it primarily detects Windows viruses and malware with its built-in signatures.

MalwarePatrol database

In /etc/clamav-unofficial-sigs/user.conf, change the following to enable this functionality:

malwarepatrol_receipt_code="YOUR-RECEIPT-NUMBER" # enter your receipt number here
malwarepatrol_product_code="8" # Use 8 if you have a Free account or 15 if you are a Premium customer.
malwarepatrol_list="clamav_basic" # clamav_basic or clamav_ext
malwarepatrol_free="yes" # Set to yes if you have a Free account or no if you are a Premium customer.

If you would like clamscan to remove infected files, add the --remove option to the command, or use --move=/dir to quarantine them instead.

You may also want clamscan to scan larger files. In this case, append the options --max-filesize=4000M and --max-scansize=4000M to the command. '4000M' is the largest possible value, and may be lowered as necessary.

Using the -l /path/to/file option will print the clamscan logs to a text file for locating reported infections.

Using the milter

The milter scans email passing through your sendmail server for viruses.
Copy /etc/clamav/clamav-milter.conf.sample to /etc/clamav/clamav-milter.conf and adjust it to your needs. For example:

Error: No supported database files found

This happens because of a mismatch between the DatabaseDirectory setting in /etc/clamav/freshclam.conf and the DatabaseDirectory setting in /etc/clamav/clamd.conf.
/etc/clamav/freshclam.conf points to /var/lib/clamav, but /etc/clamav/clamd.conf (default directory) points to /usr/share/clamav or another directory. Edit /etc/clamav/clamd.conf and set DatabaseDirectory to the same value as in /etc/clamav/freshclam.conf. After that, clamav will start up successfully.
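The following is an added example, not part of the original page: a shell check that compares the DatabaseDirectory setting of the two files and counts the official database files in a directory. The function names db_dir, check_db_dirs and count_dbs are hypothetical, the sample configs are constructed, and it assumes the option is set at most once per file with a path that contains no spaces.

```shell
#!/bin/sh
# Added example: detect the DatabaseDirectory mismatch described above.

# Print the uncommented DatabaseDirectory value of a config file,
# or nothing if the option is not set there (assumes at most one setting).
db_dir() {
    awk '$1 == "DatabaseDirectory" { dir = $2 } END { if (dir != "") print dir }' "$1"
}

# Return 0 if both files name the same directory, 1 if they differ,
# 2 if either file leaves the option unset (the built-in default applies).
check_db_dirs() {
    fresh=$(db_dir "$1")
    clamd=$(db_dir "$2")
    if [ -z "$fresh" ] || [ -z "$clamd" ]; then
        echo "unset: freshclam='${fresh:-<default>}' clamd='${clamd:-<default>}'"
        return 2
    fi
    if [ "$fresh" != "$clamd" ]; then
        echo "mismatch: freshclam writes to $fresh, clamd reads from $clamd"
        return 1
    fi
    echo "ok: both use $fresh"
}

# Count official database files (*.cvd / *.cld) directly inside a directory.
# Zero in clamd's directory matches "No supported database files found".
count_dbs() {
    find "$1" -maxdepth 1 -type f \( -name '*.cvd' -o -name '*.cld' \) 2>/dev/null \
        | wc -l | tr -d ' '
}

# Constructed sample configs reproducing the mismatch from the text.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'DatabaseDirectory /var/lib/clamav' \
    > "$demo/freshclam.conf"
printf '%s\n' '#DatabaseDirectory /var/lib/clamav' 'DatabaseDirectory /usr/share/clamav' \
    > "$demo/clamd.conf"
check_db_dirs "$demo/freshclam.conf" "$demo/clamd.conf" || true
rm -rf "$demo"

# On a real system:
#   check_db_dirs /etc/clamav/freshclam.conf /etc/clamav/clamd.conf
#   count_dbs "$(db_dir /etc/clamav/clamd.conf)"
```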

Error: Can't create temporary directory

If you get the following error, along with a 'HINT' containing a UID and a GID number: